-
Notifications
You must be signed in to change notification settings - Fork 165
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow disabling NLA (Network Level Authentication) for RDP #604
Comments
Adding a connection setting to disable NLA shouldn't be an issue. I'll take a look whether that's sufficient to enable GCPW usage. |
Thanks. Are there any nightly/beta builds so i can test the fix before your next release? I'm not really equipped to build from src and would love to be able to try out the fix. |
Here's the latest build of the Thanks for giving this a try, let me know if you experience any issues. |
Version 2.24.735 now lets you disable NLA in the connection settings. Thanks for suggesting this feature. |
@jpassing thanks for that. I didn't manage to test before you released it, but I've tested the release now and it's perfect! |
That's great to hear, thanks! |
We are currently looking at using IAP-Desktop in combination with GCPW (Google Credential Provider for Windows). After the initial login with 2FA, connecting via IAP-Desktop works fine. However for initial logins (and when 2FA is required again) we need to RDP to the server's login screen instead of providing the credentials through the initial connection.
To do that initial login, you need a RDP session with NLA disable, for the normal RDP client this can be done by setting
enablecredsspsupport:i:0
in the RDP file (See https://gist.github.com/pingec/7b391a04412a7034bfb6).If we can get IAP-Desktop to support this option somehow it would be really useful as then we can use IAP-Desktop in combination with GCPW for initial login and any time the 2FA reauth is needed.
It would be amazing if the IAP and GCPW teams worked together to make SSO via IAP-Desktop a possability, but that's probably a pipe dream for now.
The text was updated successfully, but these errors were encountered: